Wow this is great news, thank you Peter!

Regards,
Ahmed

On Sat, May 2, 2020 at 10:21 AM Peter Wu <pe...@lekensteyn.nl> wrote:

> Hi Ahmed,
>
> On Fri, May 01, 2020 at 02:10:01PM -0700, Ahmed Elsherbiny wrote:
> > Hello,
> >
> > I've written a dissector for a custom protocol. The dissector works well,
> > and now I'm trying to run the protocol over TLS 1.3.
> >
> > The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a
> > new cipher suite, it is used for integrity and has a null cipher (The
> > payload is actually plaintext). It is still in draft form, here is the
> > document that describes it:
> > https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt
> >
> > Looking at the ServerHello packet, Wireshark shows the CipherSuite as
> > Unknown (0xC0B4). Consequently, it does not provide a "Decrypted
> > application data" tab and does not pass the data to my dissector.
>
> The new cipher name was added in the development build via commit
> v3.3.0rc0-513-g3e2a837cc0 (https://code.wireshark.org/review/36052). It
> is not present in the stable build yet.
>
> > This is what the TLS debug log shows:
> [..]
> > I tried adding the cipher-suite to packet-tls-utils.c and recompiling
> > Wireshark. This is the line that I added, since the document says that
> > Diffie-Hellman is the only key exchange that can be used. I'm not completely
> > sure that I'm using the correct macros - I don't fully understand TLS.
> >
> > {0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }
>
> This is not correct, TLS 1.3 has a different key exchange (KEX_TLS13)
> and more changes are needed to ensure that existing TLS 1.3 ciphers do
> not break while adding support for this new cipher.
>
> I've created test samples for the two ciphers and posted these at
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16543
>
> I hope to have a patch available tomorrow.
> --
> Kind regards,
> Peter Wu
> https://lekensteyn.nl
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe